Temporary backup file permissions

[wyckaoo]

While creating backup, DA creates temporary backup file. e.g.:
-rw-r--r-- 1 root root 20598996 May 5 10:20 backup-May-5-2016-1.tar.gz

It is readable by any user, when backup is completed DA chowns file to user and changes permissions:
-rw-r----- 1 user user 106708161 May 5 10:20 backup-May-5-2016-1.tar.gz

Temporary backup file should not be readable by any user because:
1) It is security vulnerability, if backups DIR is created with X perm for any user, anyone can read whole user backups while it is processing
2) Sometimes users downloads corrupted backup(while backup is processing).

 

[websafe]

+1 I see the backup section of DA needs work and optimization ;-) according to my earlier posts in this matter.

I'm not sure why some of my threads were hidden...? They are still accessible via direct links:

• [Feature Request] Additional variables in user_backup_pre|post
• backup_exclude_paths: unnecessary files copied to temporary backup directory
• [bug?] backup_nice not really respected?
• Feature request] backup_include_paths in addition backup_exclude_paths
• [Feature request] Use backup_tmpdir for "local" backups too (locally mounted NFS)

 

[Royal Flash]

+1 I subscribe to the fact that temporary backup file should not be readable by any user!